hkdf zeroization fix
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
Shane Lontis authored 5 years ago
Pauli committed 5 years ago
280 | 280 | unsigned char *okm, size_t okm_len) |
281 | 281 | { |
282 | 282 | HMAC_CTX *hmac; |
283 | unsigned char *ret = NULL; | |
283 | 284 | |
284 | 285 | unsigned int i; |
285 | 286 | |
329 | 330 | |
330 | 331 | done_len += copy_len; |
331 | 332 | } |
332 | ||
333 | ret = okm; | |
334 | ||
335 | err: | |
336 | OPENSSL_cleanse(prev, sizeof(prev)); | |
333 | 337 | HMAC_CTX_free(hmac); |
334 | return okm; | |
335 | ||
336 | err: | |
337 | HMAC_CTX_free(hmac); | |
338 | return NULL; | |
339 | } | |
338 | return ret; | |
339 | } |